package jdbc;

import java.sql.*;

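public class Demo8 {
    /**
     * Demo of a parameterized login lookup over JDBC.
     *
     * <p>The user name and password are bound through {@link PreparedStatement}
     * placeholders rather than concatenated into the SQL text, so the driver passes
     * them as data and a value containing quotes cannot change the statement. Prints
     * "登录成功" when a matching row exists, "登录失败" otherwise. The statement and
     * result set are closed together with the connection by try-with-resources.
     *
     * @param args ignored; the credentials below are hard-coded demo values
     */
    public static void main(String[] args) {
        // The "?" placeholders are the whole point of the demo: user input never
        // becomes part of the SQL text, so it cannot be parsed as SQL.
        String sql = "SELECT id,username,password,nickname,age " +
                "FROM user " +
                "WHERE username=? AND password=? ";
        // Statement is a resource too; closing only the connection would leak it on
        // some drivers, so it is declared in the same try-with-resources.
        try (Connection connection = DBUtil.getConnection();
             PreparedStatement ps = connection.prepareStatement(sql)) {
            // Bind values by 1-based parameter index.
            ps.setString(1, "陈昊然");
            ps.setString(2, "123456789");
            // A value like the following is bound as a literal string and simply
            // fails to match; it is not interpreted as SQL:
            // ps.setString(2, "a' OR '1'='1");
            // NOTE(review): the query compares the password column directly; if that
            // column holds plaintext, a salted password hash (bcrypt/scrypt/argon2)
            // verified in application code would be the expected design — confirm
            // against the schema.
            try (ResultSet rs = ps.executeQuery()) {
                if (rs.next()) {
                    System.out.println("登录成功");
                } else {
                    System.out.println("登录失败");
                }
            }
        } catch (SQLException e) {
            // Demo-only error reporting; a real application would log this and
            // treat the login as failed instead of dumping the trace.
            e.printStackTrace();
        }
    }
}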
